EXCLUSIVE WEBINAR
|
The new era of transferring data.
|
Live webinar with Max Schrems.
Products
System & Network Scanning
Find vulnerabilities in your entire infrastructure.
Web Application Scanning
Find vulnerabilities in your web apps and APIs.
Phishing & Awareness Training
Increase resilience against social engineering.
Business needs
Industries
Information
Partner solutions
Alok Sahay
Sales Director India & SAARC
alok.sahay@holmsecurity.com
+91 8800-67 77 99
Hi! My name is Alok and I'm your local representative in India. Looking for a cyber security solution and vulnerability management? Let's talk!
Ahmad Faurani
Sales Director Southeast Asia
ahmad.faurani@holmsecurity.com
+60 19 434 2727
Hi! My name is Ahmad Faurani and I'm your local representative in Malaysia. Looking for a cyber security solution and vulnerability management? Let's talk!
Cristian Miranda
Key Account Manager, Finland
cristian.miranda@holmsecurity.com
+46 8-550 05 582
Hei! Nimeni on Cristian ja olen paikallinen edustajasi Suomessa. Etsitkö tietoturvaratkaisua ja haavoittuvuuksien hallintaa? Puhutaan!
Victor Bunge Meyer
Key Account Manager, Sverige
victor.bunge-meyer@holmsecurity.com
+46 08-550 05 582
Välkommen till Holm Security i Sverige! Jag heter Victor och är din lokala kontakt. Kontakta mig om du vill veta mera om vår platform för sårbarhetsanalyser.
Beth Murrell
Account Manager, Benelux
elizabeth.murrell@holmsecurity.com
+31-20-238 63 94
Mijn naam is Beth Murrell en ik ben uw lokale vertegenwoordiger in Nederland, België en Luxemburg. Op zoek naar een cyberveiligheidsoplossing en kwetsbaarheidsbeheer? Laten we praten!
Jens Dahlkvist
Key Account Manager, Norge
jens.dahlkvist@holmsecurity.com
+46 8-550 05 582
Velkommen til Holm Security i Norge! Jeg heter Jens og er din lokale kontaktperson.Kontakt meg hvis du vil vite mer om vår plattform for sårbarhetsanalyser.
Ronnie Jensen
Country Manager Denmark
ronnie.jensen@holmsecurity.com
+45 31 12 10 05
Velkommen til Holm Security i Danmark! Mit navn er Ronnie og jeg er din lokale kontaktperson. Kontakt mig, hvis du vil vide mere om vores sårbarhedsanalyseplatform.
August 29, 2019
What is the difference between an ordinary damaging code and an advanced cyber weapon, and exactly how is a cyber weapon deployed and executed? Stuxnet was, according to many security researchers, one of the first and most recognizable cyber weapons. The resources needed to develop Stuxnet and its different parts was something only one nation had at the time: Several programming languages, large amounts of modules, several zero-days, knowledge of the centrifuges in the Uranium enrichment facility Natanz, and stolen certificates, are just a few reasons that make it probable only one nation was behind it.
This part of the cyber weapon ensures it hits its target - or reaches the right client, hardware, or network. The delivery can be done using an e-mail, USB-memory, CD-ROM, or by physically connecting to the server, client, TV, or similar devices. This is something which the Vault7 leaks from the CIA showed, not entirely unusual that HUMINT and SIGINT resources were used. The delivery might happen in the form of an implant that is installed when the equipment is sent to the customer. To reach its final target, which might be further into the network, the zero-days, or code, can be used to detect and bypass so-called airgaps. Networks that are sensitive and not connected to the internet, for example.
The warhead makes sure that the goal of the cyber weapon is completed. It can be to influence a process in a SCADA system or perhaps destroy vital parts in systems that are crucial for the community. It could also exfiltrate sensitive information from the target system.
This part is not always necessary but makes it possible to (using a unique ID) “call home” and notify that the cyber weapon has reached its target or completed a sub-goal. The communication part is important if the cyber weapon is hidden during an extended period and works to activate the warhead on command.
To make the discovery by network forensics and intrusion detection systems more difficult, popular sites such as Dropbox, Twitter, or Instagram can be used over TLS encrypted communication.
Steganography, where messages are exfiltrated with the help of pictures, has even been observed, including communication with IP-addresses where a satellite link is used, and the antagonist has had the opportunity to read the communication with the help of SIGINT or other equipment.
If the communication mechanism is already using existing infrastructure to update software or check if new versions are available, the process of detection gets increasingly more difficult. The communication mechanism can also be used to download and activate new modules, droppers, etc.
One of the oldest and most common methods is obfuscating or encrypting. Even relatively simple things such as modularity can make it difficult to see the whole of a cyber weapon, for example, sniff-functions can be present in a module, or key logs in a module, etc.
There are even environmental keyed payloads where a module can be encrypted with a key that is only located in the target network or system. Another important aspect for those developing cyber weapons is OPSEC. Since everything leaves a trace and something that is increasingly common is false flagging. Traces can lead towards one country, when in fact it is ’developed’ in a completely different one. Language, time zones, etc. can be changed.
In Holm Security's platform, you can work together with your outsourcing partner. You can both access the Security Center (our control panel) and be able to prioritize and discuss vulnerabilities. The platform then becomes a tool that promotes cooperation with your outsourcing partner and enables you to work more efficiently with your IT security.
Sometimes the warhead is located in the unit's RAM and disappears if the unit crashes or restarts. Creators of cyber weapons want it to stay put for a longer time and there are an unbelievable amount of ways to hide.
A difference between, for example, WannaCry and a cyber weapon are that the objective of the cyber weapon is to only propagate within a smaller area. It can be a smaller organization or network. A smaller spread can make eventual detection more difficult. Propagation can be a must in the delivery, and then maybe there is a gap between the process network/secret network and the internet.
Cyber weapon developers put resources on developing weapons that will remain hidden. The weapon deletes itself when the mission is complete, and there might be a built-in counter that automatically erase the weapon once completed.
Vulnerability Management is a cornerstone in a modern cyber security defense.
Read more articles similar to this one.
Hacker attacks
Understanding an attacker and the various methods used for attempting to access or modify systems or software, makes it easier for us to protect...
Hacker attacks
On March 19, the Norwegian multinational company Norsk Hydro detected abnormal activity in their servers and found that they were exposed to a...
Hacker attacks
Ransomware
Recently Sweden experienced its most extensive data leak in history. February 18th the Swedish newspaper Computer Sweden announced that the...